diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8324c68..9bdf8a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,29 @@
 # Changelog
 
+## 2025-12-02 - Stability & Testing Update
+
+### Fixed
+- Double colon bug in vim command mode (`:` key consumed properly)
+- strtok data corruption in command output rendering
+- Use-after-free race condition (added reference counting)
+- SSH read blocking issues (added timeouts)
+- PTY request infinite loop
+- Message history memory waste (optimized loading)
+
+### Added
+- Reference counting for thread-safe client cleanup
+- SSH read timeout (30s) and error handling
+- UTF-8 incomplete sequence detection
+- AddressSanitizer build target (`make asan`)
+- Basic functional tests (`test_basic.sh`)
+- Stress testing script (`test_stress.sh`)
+- Static analysis target (`make check`)
+- Developer documentation (HACKING)
+
+### Changed
+- Improved error handling throughout
+- Better memory management in message loading
+
 ## 2025
 - Ongoing development and improvements
 - Bug fixes and optimizations
diff --git a/HACKING b/HACKING
new file mode 100644
index 0000000..e2097b1
--- /dev/null
+++ b/HACKING
@@ -0,0 +1,91 @@
+# HACKING
+
+## Build
+
+```sh
+make              # normal build
+make debug        # with symbols
+make asan         # AddressSanitizer
+make release      # optimized
+```
+
+## Test
+
+```sh
+./test_basic.sh           # functional tests
+./test_stress.sh 20 60    # 20 clients, 60 seconds
+```
+
+## Debug
+
+```sh
+# Memory leaks
+ASAN_OPTIONS=detect_leaks=1 ./tnt
+
+# Or use valgrind
+make valgrind
+valgrind --leak-check=full ./tnt
+
+# Static analysis
+make check
+```
+
+## Architecture
+
+```
+main.c           → entry point, signal handling
+ssh_server.c     → SSH protocol, client threads
+chat_room.c      → client list, message broadcast
+message.c        → persistent storage
+tui.c            → terminal rendering
+utf8.c           → UTF-8 string handling
+```
+
+## Thread Safety
+
+- `g_room->lock`: RWlock for client list and messages
+- `client->ref_lock`: Mutex for reference counting
+- Each client runs in detached thread
+- Reference counting prevents use-after-free
+
+## Memory Management
+
+- Clients: ref-counted, freed when ref==0
+- Messages: fixed ring buffer (MAX_MESSAGES)
+- No dynamic string allocation
+
+## Known Limits
+
+- Max 64 clients (MAX_CLIENTS)
+- Max 100 messages in memory (MAX_MESSAGES)
+- Max 1024 bytes per message (MAX_MESSAGE_LEN)
+- Max 64 bytes username (MAX_USERNAME_LEN)
+
+## Common Bugs to Avoid
+
+1. Don't use `strtok()` on client data - use `strtok_r()` or copy first
+2. Always increment ref_count before using client outside lock
+3. Check SSH API return values (can be SSH_ERROR, SSH_AGAIN, or negative)
+4. UTF-8 chars are multi-byte - use utf8_* functions
+
+## Adding Features
+
+1. Add new command in `execute_command()` (ssh_server.c:190)
+2. Add new mode in `client_mode_t` enum (common.h:30)
+3. Add new vim key in `handle_key()` (ssh_server.c:220)
+
+## Debugging Tips
+
+```sh
+# Find memory issues
+make asan
+ASAN_OPTIONS=detect_leaks=1:abort_on_error=1 ./tnt
+
+# Check thread issues
+gcc -fsanitize=thread ...
+
+# Profile
+gcc -pg ...
+./tnt
+gprof tnt
+```
diff --git a/QUICKREF b/QUICKREF
new file mode 100644
index 0000000..bc9170f
--- /dev/null
+++ b/QUICKREF
@@ -0,0 +1,37 @@
+TNT Quick Reference
+===================
+
+BUILD
+  make              production build
+  make debug        debug symbols
+  make asan         memory sanitizer
+  make release      optimized + stripped
+  make clean        remove artifacts
+
+TEST
+  ./test_basic.sh           basic functionality
+  ./test_stress.sh 20 60    stress test (20 clients, 60s)
+
+DEBUG
+  ASAN_OPTIONS=detect_leaks=1 ./tnt
+  valgrind --leak-check=full ./tnt
+  make check
+
+STRUCTURE
+  src/main.c          entry, signals
+  src/ssh_server.c    SSH, threads
+  src/chat_room.c     broadcast
+  src/message.c       persistence
+  src/tui.c           rendering
+  src/utf8.c          unicode
+
+LIMITS
+  64 clients max
+  100 messages in RAM
+  1024 bytes/message
+
+FILES
+  HACKING           dev guide
+  CHANGELOG.md      changes
+  messages.log      chat log
+  host_key          SSH key
diff --git a/README.md b/README.md
index 6a897ed..139c34c 100644
--- a/README.md
+++ b/README.md
@@ -121,6 +121,18 @@ PORT=3333 ./tnt
 - SSH protocol with PTY support for terminal size detection
 - Dynamic window resize handling
 
+## Development
+
+```bash
+make debug        # Build with debug symbols
+make asan         # Build with AddressSanitizer
+make check        # Run static analysis
+./test_basic.sh   # Run basic tests
+./test_stress.sh  # Run stress test
+```
+
+See [HACKING](HACKING) for development details.
+
 ## Security
 
 - **Encrypted connections**: All traffic is encrypted via SSH